CVE-2020-6072Double Free in Libmicrodns

CWE-415Double Free7 documents6 sources
Severity
9.8CRITICALNVD
OSV7.5
EPSS
0.8%
top 25.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Videolan VLC Media PlayerVideolabs LibmicrodnsDebian Linux
Timeline
PublishedMar 24
Latest updateJan 28

Description

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

Debianvideolabs/libmicrodns< 0.2.0-1+1
Ubuntuvideolabs/libmicrodns< 0.0.8-1ubuntu0.1~esm1
Debianvideolan/vlc_media_player< 3.0.8-4+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

4
OSV
libmicrodns vulnerabilities2025-01-28
GHSA
GHSA-jqrj-pmvg-62w8: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 02022-05-24
CVEList
CVE-2020-6072: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 02020-03-24
OSV
CVE-2020-6072: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 02020-03-24

📋Vendor Advisories

2
Ubuntu
libmicrodns vulnerabilities2025-01-28
Debian
CVE-2020-6072: libmicrodns - An exploitable code execution vulnerability exists in the label-parsing function...2020
CVE-2020-6072 — Double Free in Videolabs Libmicrodns | cvebase